Closed partounian closed 2 years ago
I'm inclined to fold the question of validating SSL provider names into the Trellis project goal of improving organization of SSL-related ansible roles and extensibility (e.g., #893, #896).
I think this validation is more complex than simply checking whether ssl.provider in ['letsencrypt', 'manual', 'self-signed'] (built in providers) because we likely want to accommodate third-party SSL roles offering additional provider names.
For example, typisttech/trellis-cloudflare-origin-ca role uses provider: cloudflare-origin-ca. If such roles were to use the same name for the role and the provider, Trellis could validate ssl.provider in role_names (role_names is an Ansible magic var).
--tags letsencrypt
Also running tags letsencrypt doesn't work alone, it requires you to run nginx if you have not previously dhparams
Thanks for catching this. The letsencrypt tag for the dhparams task is long overdue. Fixed in #964.
Forcing the role name to be the same as ssl provider name could be an issue for galaxy roles because users could name the galaxy role to whatever they want.
- src: TypistTech.trellis-cloudflare-origin-ca
  version: 0.6.0
  name: whatever-i-want
Not so ideal solution:
Tag the role with wordpress-setup.
# server.yml
- { role: TypistTech.trellis-cloudflare-origin-ca, tags: [cloudflare-origin-ca, wordpress-setup], when: sites_using_cloudflare_origin_ca | count }
Closing since this hasn't proven to be much of an issue over the years and there are issues implementing a simple fix as detailed above.
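One way to run the check discussed in this thread without tying the provider name to a role name, so a renamed Galaxy role does not break it. This is an added example, not Trellis code: `ssl_builtin_providers`, `ssl_extra_providers` and `ssl_allowed_providers` are hypothetical variables, the `wordpress_sites` entries are constructed sample data, and treating an omitted provider as `manual` is an assumption.

```yaml
# Added example (not part of Trellis). Run locally with:
#   ansible-playbook validate-ssl-providers.yml
- name: Validate ssl.provider for every SSL-enabled site
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Built-in names quoted in the thread.
    ssl_builtin_providers: [letsencrypt, manual, self-signed]
    # Hypothetical extension point: users of a third-party SSL role list its
    # provider name here, whatever they named the role itself.
    ssl_extra_providers: [cloudflare-origin-ca]
    ssl_allowed_providers: "{{ ssl_builtin_providers + ssl_extra_providers }}"
    # Constructed sample data in the shape of Trellis' wordpress_sites.
    wordpress_sites:
      example.com:
        ssl: { enabled: true, provider: letsencrypt }
      cdn.example.com:
        ssl: { enabled: true, provider: cloudflare-origin-ca }
      shop.example.com:
        ssl: { enabled: true, provider: letsencypt }  # misspelled on purpose
      plain.example.com:
        ssl: { enabled: false }  # skipped: SSL is off
  tasks:
    - name: Fail on unknown or misspelled provider names
      assert:
        that:
          # Assumption: an omitted provider is treated as 'manual'.
          - (item.value.ssl.provider | default('manual')) in ssl_allowed_providers
        fail_msg: >-
          Site {{ item.key }} sets ssl.provider to
          '{{ item.value.ssl.provider | default('manual') }}',
          which is not one of: {{ ssl_allowed_providers | join(', ') }}.
      loop: "{{ wordpress_sites | dict2items }}"
      loop_control:
        label: "{{ item.key }}"
      when: item.value.ssl.enabled | default(false)
```

With the sample data the play fails on shop.example.com and passes the other SSL-enabled sites.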
What is the current behavior?
Doesn't throw an error (edit: if provider name misspelled, or if provider doesn't exist)
What is the expected or desired behavior?
It should error check for the different SSL options
Also running tags letsencrypt doesn't work alone, it requires you to run nginx if you have not previously dhparams